From be6888c589b075f524d49a4436ea6296f2aa9e97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Frauenschl=C3=A4ger?= Date: Tue, 12 Nov 2024 16:35:28 +0100 Subject: [PATCH 1/6] Fixes for Dilithium in TLS handshake MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Some fixes to better handle Dilithium keys and signatures in the TLS handshake. Signed-off-by: Tobias Frauenschläger --- src/ssl.c | 6 ++-- src/tls13.c | 78 +++++++++++++++++++-------------------------- wolfcrypt/src/asn.c | 4 +++ 3 files changed, 40 insertions(+), 48 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 7220292c04..139067aba8 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -18569,11 +18569,11 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = { "Dilithium Level 5", "Dilithium Level 5"}, #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ { CTC_ML_DSA_LEVEL2, ML_DSA_LEVEL2k, oidKeyType, - "ML_DSA Level 2", "ML_DSA Level 2"}, + "ML-DSA 44", "ML-DSA 44"}, { CTC_ML_DSA_LEVEL3, ML_DSA_LEVEL3k, oidKeyType, - "ML_DSA Level 3", "ML_DSA Level 3"}, + "ML-DSA 65", "ML-DSA 65"}, { CTC_ML_DSA_LEVEL5, ML_DSA_LEVEL5k, oidKeyType, - "ML_DSA Level 5", "ML_DSA Level 5"}, + "ML-DSA 87", "ML-DSA 87"}, #endif /* HAVE_DILITHIUM */ /* oidCurveType */ diff --git a/src/tls13.c b/src/tls13.c index 156788ed55..b1490b80c7 100644 --- a/src/tls13.c +++ b/src/tls13.c 
@@ -9145,41 +9145,12 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) #endif #if defined(HAVE_FALCON) else if (ssl->hsType == DYNAMIC_TYPE_FALCON) { - falcon_key* fkey = (falcon_key*)ssl->hsKey; - byte level = 0; - if (wc_falcon_get_level(fkey, &level) != 0) { - ERROR_OUT(ALGO_ID_E, exit_scv); - } - if (level == 1) { - args->sigAlgo = falcon_level1_sa_algo; - } - else if (level == 5) { - args->sigAlgo = falcon_level5_sa_algo; - } - else { - ERROR_OUT(ALGO_ID_E, exit_scv); - } + args->sigAlgo = ssl->buffers.keyType; } #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) else if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) { - dilithium_key* fkey = (dilithium_key*)ssl->hsKey; - byte level = 0; - if (wc_dilithium_get_level(fkey, &level) != 0) { - ERROR_OUT(ALGO_ID_E, exit_scv); - } - if (level == 2) { - args->sigAlgo = dilithium_level2_sa_algo; - } - else if (level == 3) { - args->sigAlgo = dilithium_level3_sa_algo; - } - else if (level == 5) { - args->sigAlgo = dilithium_level5_sa_algo; - } - else { - ERROR_OUT(ALGO_ID_E, exit_scv); - } + args->sigAlgo = ssl->buffers.keyType; } #endif /* HAVE_DILITHIUM */ else { @@ -9463,9 +9434,11 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) { - ret = wc_dilithium_sign_msg(args->sigData, args->sigDataSz, - sigOut, &args->sigLen, - (dilithium_key*)ssl->hsKey, ssl->rng); + ret = wc_dilithium_sign_ctx_msg(NULL, 0, args->sigData, + args->sigDataSz, sigOut, + &args->sigLen, + (dilithium_key*)ssl->hsKey, + ssl->rng); args->length = (word16)args->sigLen; } #endif /* HAVE_DILITHIUM */ 
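Review bot: Replacing the per-key level lookup with `args->sigAlgo = ssl->buffers.keyType;` in both the Falcon and the Dilithium branch also removes the `ERROR_OUT(ALGO_ID_E, exit_scv)` paths, so the code now trusts that `ssl->buffers.keyType` was set to the matching `*_sa_algo` value when the private key was loaded, and nothing in the hunk checks that. If a key can reach this point through a loading path that leaves keyType at its default, CertificateVerify would announce a wrong scheme instead of failing early; a guard after the assignment, e.g. `if (args->sigAlgo != dilithium_level2_sa_algo && args->sigAlgo != dilithium_level3_sa_algo && args->sigAlgo != dilithium_level5_sa_algo) ERROR_OUT(ALGO_ID_E, exit_scv);` (and the Falcon equivalent), or a comment naming where keyType is guaranteed to be set, would keep that invariant visible. SendTls13CertificateVerify starts and ends outside the hunk.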
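Review bot: The switch to `wc_dilithium_sign_ctx_msg(NULL, 0, ...)` at 9434 passes an empty context string without saying why, and a reader comparing it with the new `ctx`/`ctxLen` parameters elsewhere in the series will wonder whether the TLS transcript should have gone in there. A one-line comment above the call, `/* TLS 1.3 uses pure ML-DSA with an empty context string */`, settles that; the same comment belongs on the alt-key signing call at 9530 and on the two `wc_dilithium_verify_ctx_msg(..., NULL, 0, ...)` calls at 10530 and 10640. SendTls13CertificateVerify starts and ends outside the hunk.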
@@ -9557,11 +9530,9 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) if (ssl->hsAltType == DYNAMIC_TYPE_DILITHIUM) { - ret = wc_dilithium_sign_msg(args->altSigData, - args->altSigDataSz, sigOut, - &args->altSigLen, - (dilithium_key*)ssl->hsAltKey, - ssl->rng); + ret = wc_dilithium_sign_ctx_msg(NULL, 0, args->altSigData, + args->altSigDataSz, sigOut, &args->altSigLen, + (dilithium_key*)ssl->hsAltKey, ssl->rng); } #endif /* HAVE_DILITHIUM */ @@ -10546,6 +10517,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, (void**)&ssl->peerFalconKey); ssl->peerFalconKeyPresent = 0; } + else if ((ret >= 0) && (res == 0)) { + WOLFSSL_MSG("Falcon signature verification failed"); + ret = SIG_VERIFY_E; + } } #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY) @@ -10555,9 +10530,9 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, (ssl->peerDilithiumKeyPresent)) { int res = 0; WOLFSSL_MSG("Doing Dilithium peer cert verify"); - ret = wc_dilithium_verify_msg(sig, args->sigSz, - args->sigData, args->sigDataSz, - &res, ssl->peerDilithiumKey); + ret = wc_dilithium_verify_ctx_msg(sig, args->sigSz, NULL, 0, + args->sigData, args->sigDataSz, + &res, ssl->peerDilithiumKey); if ((ret >= 0) && (res == 1)) { /* CLIENT/SERVER: data verified with public key from @@ -10568,6 +10543,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, (void**)&ssl->peerDilithiumKey); ssl->peerDilithiumKeyPresent = 0; } + else if ((ret >= 0) && (res == 0)) { + WOLFSSL_MSG("Dilithium signature verification failed"); + ret = SIG_VERIFY_E; + } } #endif /* HAVE_DILITHIUM */ 
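Review bot: The new branch `else if ((ret >= 0) && (res == 0))` in the Dilithium verify path at 10543 only maps `res == 0` to `SIG_VERIFY_E`; a successful return with any other non-1 value of `res` still falls through without an error and without the peer key being released, which is the silent-pass shape this hunk is meant to close. Since only `res == 1` is treated as success on the line above, the fail-closed form is `else if (ret >= 0) {` with the same body, so every non-success result becomes `SIG_VERIFY_E`. The same pattern is introduced in the Falcon branch at 10517 and in both alt-verify branches at 10627 and 10654. DoTls13CertificateVerify starts and ends outside these hunks.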
@@ -10648,6 +10627,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, (void**)&ssl->peerFalconKey); ssl->peerFalconKeyPresent = 0; } + else if ((ret >= 0) && (res == 0)) { + WOLFSSL_MSG("Falcon signature verification failed"); + ret = SIG_VERIFY_E; + } } #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY) @@ -10657,9 +10640,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, (ssl->peerDilithiumKeyPresent)) { int res = 0; WOLFSSL_MSG("Doing Dilithium peer cert alt verify"); - ret = wc_dilithium_verify_msg(sig, args->altSignatureSz, - args->altSigData, args->altSigDataSz, - &res, ssl->peerDilithiumKey); + ret = wc_dilithium_verify_ctx_msg(sig, args->altSignatureSz, + NULL, 0, args->altSigData, + args->altSigDataSz, &res, + ssl->peerDilithiumKey); if ((ret >= 0) && (res == 1)) { /* CLIENT/SERVER: data verified with public key from @@ -10670,6 +10654,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, (void**)&ssl->peerDilithiumKey); ssl->peerDilithiumKeyPresent = 0; } + else if ((ret >= 0) && (res == 0)) { + WOLFSSL_MSG("Dilithium signature verification failed"); + ret = SIG_VERIFY_E; + } } #endif /* HAVE_DILITHIUM */ diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 8507503d35..ff620435f9 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -17272,6 +17272,10 @@ int ConfirmSignature(SignatureCtx* sigCtx, level = WC_ML_DSA_87_DRAFT; } #endif + else { + WOLFSSL_MSG("Invalid Dilithium key OID"); + goto exit_cs; + } sigCtx->verify = 0; sigCtx->key.dilithium = (dilithium_key*)XMALLOC( sizeof(dilithium_key), sigCtx->heap, From 9db5499dbd908bc79c23e756c127194f151417f2 Mon Sep 17 00:00:00 2001 
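Review bot: The new `else { WOLFSSL_MSG("Invalid Dilithium key OID"); goto exit_cs; }` in asn.c at 17272 jumps to the exit label without assigning `ret`, and the hunk does not show what `ret` holds at that point; if it is still the initial value or a code the exit path treats as success, an unrecognised key OID would be reported as a confirmed signature rather than a failure. Setting an explicit error before the jump, `ret = ASN_UNKNOWN_OID_E;` immediately ahead of `goto exit_cs;`, makes the rejection independent of earlier state. ConfirmSignature starts and ends outside the hunk.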
From: =?UTF-8?q?Tobias=20Frauenschl=C3=A4ger?= Date: Fri, 6 Sep 2024 14:28:10 +0200 Subject: [PATCH 2/6] Update CryptoCb API for Dilithium final standard MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add context and preHash metadata. Signed-off-by: Tobias Frauenschläger --- wolfcrypt/src/cryptocb.c | 12 +++++-- wolfcrypt/src/dilithium.c | 68 ++++++++++++++++++++++++++++++------ wolfcrypt/src/falcon.c | 8 ++--- wolfssl/wolfcrypt/cryptocb.h | 12 +++++-- 4 files changed, 82 insertions(+), 18 deletions(-) diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c index fc9a56100a..daf9cb99b2 100644 --- a/wolfcrypt/src/cryptocb.c +++ b/wolfcrypt/src/cryptocb.c @@ -1043,7 +1043,8 @@ int wc_CryptoCb_MakePqcSignatureKey(WC_RNG* rng, int type, int keySize, } int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, word32 *outlen, - WC_RNG* rng, int type, void* key) + const byte* context, byte contextLen, word32 preHashType, WC_RNG* rng, + int type, void* key) { int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); int devId = INVALID_DEVID; @@ -1068,6 +1069,9 @@ int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, word32 *outlen, cryptoInfo.pk.pqc_sign.inlen = inlen; cryptoInfo.pk.pqc_sign.out = out; cryptoInfo.pk.pqc_sign.outlen = outlen; + cryptoInfo.pk.pqc_sign.context = context; + cryptoInfo.pk.pqc_sign.contextLen = contextLen; + cryptoInfo.pk.pqc_sign.preHashType = preHashType; cryptoInfo.pk.pqc_sign.rng = rng; cryptoInfo.pk.pqc_sign.key = key; cryptoInfo.pk.pqc_sign.type = type; @@ -1079,7 +1083,8 @@ int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, word32 *outlen, } int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen, const byte* msg, - word32 msglen, int* res, int type, void* key) + word32 msglen, const byte* context, byte contextLen, word32 preHashType, + int* res, int type, void* key) { int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); int devId = INVALID_DEVID; 
@@ -1104,6 +1109,9 @@ int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen, const byte* msg,
 cryptoInfo.pk.pqc_verify.siglen = siglen;
 cryptoInfo.pk.pqc_verify.msg = msg;
 cryptoInfo.pk.pqc_verify.msglen = msglen;
+ cryptoInfo.pk.pqc_verify.context = context;
+ cryptoInfo.pk.pqc_verify.contextLen = contextLen;
+ cryptoInfo.pk.pqc_verify.preHashType = preHashType;
 cryptoInfo.pk.pqc_verify.res = res;
 cryptoInfo.pk.pqc_verify.key = key;
 cryptoInfo.pk.pqc_verify.type = type;
diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c
index 9a65ce78e7..6e5df59541 100644
--- a/wolfcrypt/src/dilithium.c
+++ b/wolfcrypt/src/dilithium.c
@@ -8024,8 +8024,8 @@ int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg,
 if (key->devId != INVALID_DEVID)
 #endif
 {
- ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, rng,
- WC_PQC_SIG_TYPE_DILITHIUM, key);
+ ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, ctx, ctxLen,
+ WC_HASH_TYPE_NONE, rng, WC_PQC_SIG_TYPE_DILITHIUM, key);
 if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
 return ret;
 /* fall-through when unavailable */
@@ -8075,8 +8075,8 @@ int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
 if (key->devId != INVALID_DEVID)
 #endif
 {
- ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, rng,
- WC_PQC_SIG_TYPE_DILITHIUM, key);
+ ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, NULL, 0,
+ WC_HASH_TYPE_NONE, rng, WC_PQC_SIG_TYPE_DILITHIUM, key);
 if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
 return ret;
 /* fall-through when unavailable */
@@ -8127,6 +8127,22 @@ int wc_dilithium_sign_ctx_hash(const byte* ctx, byte ctxLen, int hashAlg, ret = BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_CB + if (ret == 0) { + #ifndef WOLF_CRYPTO_CB_FIND + if (key->devId != INVALID_DEVID) + #endif + { + ret = wc_CryptoCb_PqcSign(hash, hashLen, sig, sigLen, ctx, ctxLen, + hashAlg, rng, WC_PQC_SIG_TYPE_DILITHIUM, key); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret; + /* fall-through when unavailable */ + ret = 0; + } + } +#endif + if (ret == 0) { /* Sign message. */ #ifdef WOLFSSL_WC_DILITHIUM @@ -8301,6 +8317,22 @@ int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx, ret = BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_CB + if (ret == 0) { + #ifndef WOLF_CRYPTO_CB_FIND + if (key->devId != INVALID_DEVID) + #endif + { + ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, ctx, ctxLen, + WC_HASH_TYPE_NONE, res, WC_PQC_SIG_TYPE_DILITHIUM, key); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret; + /* fall-through when unavailable */ + ret = 0; + } + } +#endif + if (ret == 0) { /* Verify message with signature. */ #ifdef WOLFSSL_WC_DILITHIUM @@ -8339,21 +8371,21 @@ int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg, ret = BAD_FUNC_ARG; } - #ifdef WOLF_CRYPTO_CB +#ifdef WOLF_CRYPTO_CB if (ret == 0) { - #ifndef WOLF_CRYPTO_CB_FIND + #ifndef WOLF_CRYPTO_CB_FIND if (key->devId != INVALID_DEVID) - #endif + #endif { - ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, res, - WC_PQC_SIG_TYPE_DILITHIUM, key); + ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, NULL, 0, + WC_HASH_TYPE_NONE, res, WC_PQC_SIG_TYPE_DILITHIUM, key); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ ret = 0; } } - #endif +#endif if (ret == 0) { /* Verify message with signature. */ 
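Review bot: The callback call added to wc_dilithium_sign_ctx_hash at 8127 hands `hash, hashLen` to the same `in`/`inlen` parameters that carry the full message in the 8024 path, with `hashAlg` as the new preHashType argument, and nothing at the call site tells a callback implementer that the buffer is a digest here; a comment above the call, `/* in/inlen is the pre-computed digest; hashAlg is forwarded as preHashType */`, and its twin on the verify side at 8429 would make that explicit. As a point of style, this `#ifdef WOLF_CRYPTO_CB` block is now copied almost verbatim into four functions (8127, 8317, the re-indented 8371 and 8429), so the devId test and the CRYPTOCB_UNAVAILABLE fall-through will drift on the next change; folding them into one small static helper per direction would leave each entry point with a single call. All enclosing functions start and end outside their hunks.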
@@ -8397,6 +8429,22 @@ int wc_dilithium_verify_ctx_hash(const byte* sig, word32 sigLen, ret = BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_CB + if (ret == 0) { + #ifndef WOLF_CRYPTO_CB_FIND + if (key->devId != INVALID_DEVID) + #endif + { + ret = wc_CryptoCb_PqcVerify(sig, sigLen, hash, hashLen, ctx, ctxLen, + hashAlg, res, WC_PQC_SIG_TYPE_DILITHIUM, key); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret; + /* fall-through when unavailable */ + ret = 0; + } + } +#endif + if (ret == 0) { /* Verify message with signature. */ #ifdef WOLFSSL_WC_DILITHIUM diff --git a/wolfcrypt/src/falcon.c b/wolfcrypt/src/falcon.c index 6b44edd28f..ab529f7e22 100644 --- a/wolfcrypt/src/falcon.c +++ b/wolfcrypt/src/falcon.c @@ -73,8 +73,8 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen, if (key->devId != INVALID_DEVID) #endif { - ret = wc_CryptoCb_PqcSign(in, inLen, out, outLen, rng, - WC_PQC_SIG_TYPE_FALCON, key); + ret = wc_CryptoCb_PqcSign(in, inLen, out, outLen, NULL, 0, + WC_HASH_TYPE_NONE, rng, WC_PQC_SIG_TYPE_FALCON, key); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ @@ -171,8 +171,8 @@ int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg, if (key->devId != INVALID_DEVID) #endif { - ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, res, - WC_PQC_SIG_TYPE_FALCON, key); + ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, NULL, 0, + WC_HASH_TYPE_NONE, res, WC_PQC_SIG_TYPE_FALCON, key); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ diff --git a/wolfssl/wolfcrypt/cryptocb.h b/wolfssl/wolfcrypt/cryptocb.h index 15289f6991..d2d90fe372 100644 --- a/wolfssl/wolfcrypt/cryptocb.h +++ b/wolfssl/wolfcrypt/cryptocb.h 
@@ -294,6 +294,9 @@ typedef struct wc_CryptoInfo { WC_RNG* rng; void* key; int type; /* enum wc_PqcSignatureType */ + const byte* context; + byte contextLen; + word32 preHashType; /* enum wc_HashType */ } pqc_sign; struct { const byte* sig; @@ -303,6 +306,9 @@ typedef struct wc_CryptoInfo { int* res; void* key; int type; /* enum wc_PqcSignatureType */ + const byte* context; + byte contextLen; + word32 preHashType; /* enum wc_HashType */ } pqc_verify; struct { void* key; @@ -560,10 +566,12 @@ WOLFSSL_LOCAL int wc_CryptoCb_MakePqcSignatureKey(WC_RNG* rng, int type, int keySize, void* key); WOLFSSL_LOCAL int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, - word32 *outlen, WC_RNG* rng, int type, void* key); + word32 *outlen, const byte* context, byte contextLen, word32 preHashType, + WC_RNG* rng, int type, void* key); WOLFSSL_LOCAL int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen, - const byte* msg, word32 msglen, int* res, int type, void* key); + const byte* msg, word32 msglen, const byte* context, byte contextLen, + word32 preHashType, int* res, int type, void* key); WOLFSSL_LOCAL int wc_CryptoCb_PqcSignatureCheckPrivKey(void* key, int type, const byte* pubKey, word32 pubKeySz); From af4017132da70e43201448044bd6da7f79c6e51c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Frauenschl=C3=A4ger?= Date: Wed, 20 Nov 2024 10:16:26 +0100 Subject: [PATCH 3/6] LMS fixes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add support for CMake * Add support for Zephyr * Make sure the internal key state is properly handled in case a public key is imported into a reloaded private key. Signed-off-by: Tobias Frauenschläger --- CMakeLists.txt | 12 ++++++++++-- cmake/functions.cmake | 16 ++++++++++++++++ cmake/options.h.in | 8 ++++++++ wolfcrypt/src/wc_lms.c | 3 ++- zephyr/CMakeLists.txt | 2 ++ 5 files changed, 38 insertions(+), 3 deletions(-) 
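Review bot: The `context`, `contextLen` and `preHashType` fields appended to `pqc_sign` and `pqc_verify` carry no comment on how a callback has to interpret them, yet they change the meaning of the existing `in`/`msg` buffer: as the dilithium.c hunks show, when `preHashType` is not `WC_HASH_TYPE_NONE` that buffer is the pre-computed digest, so a callback written against the old struct that ignores the new fields will sign or verify a digest as if it were the message, or drop a non-empty context. A short comment on each field, `/* optional context string, may be NULL when contextLen is 0 */` and `/* WC_HASH_TYPE_NONE for pure signing; otherwise in/msg holds the digest computed with this hash */`, tells callback authors they must honour these or return CRYPTOCB_UNAVAILABLE. The two prototypes changed at 566 in this file would benefit from the same parameter description.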
diff --git a/CMakeLists.txt b/CMakeLists.txt index 4a9486c673..eb456a201f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -655,6 +655,16 @@ else() endif() endif() +# LMS +add_option(WOLFSSL_LMS + "Enable the wolfSSL LMS implementation (default: disabled)" + "no" "yes;no") + +# XMSS +add_option(WOLFSSL_XMSS + "Enable the wolfSSL XMSS implementation (default: disabled)" + "no" "yes;no") + # TODO: - Lean PSK # - Lean TLS # - Low resource @@ -668,8 +678,6 @@ endif() # - Atomic user record layer # - Public key callbacks # - Microchip/Atmel CryptoAuthLib -# - XMSS -# - LMS # - dual-certs # AES-CBC diff --git a/cmake/functions.cmake b/cmake/functions.cmake index 3c8832c2c3..c362194006 100644 --- a/cmake/functions.cmake +++ b/cmake/functions.cmake @@ -208,6 +208,12 @@ function(generate_build_flags) set(BUILD_EXT_KYBER "yes" PARENT_SCOPE) set(BUILD_OQS_HELPER "yes" PARENT_SCOPE) endif() + if(WOLFSSL_LMS OR WOLFSSL_USER_SETTINGS) + set(BUILD_WC_LMS "yes" PARENT_SCOPE) + endif() + if(WOLFSSL_XMSS OR WOLFSSL_USER_SETTINGS) + set(BUILD_WC_XMSS "yes" PARENT_SCOPE) + endif() if(WOLFSSL_ARIA OR WOLFSSL_USER_SETTINGS) message(STATUS "ARIA functions.cmake found WOLFSSL_ARIA") # we cannot actually build, as we only have pre-compiled bin @@ -818,6 +824,16 @@ function(generate_lib_src_list LIB_SOURCES) list(APPEND LIB_SOURCES wolfcrypt/src/ext_kyber.c) endif() + if(BUILD_WC_LMS) + list(APPEND LIB_SOURCES wolfcrypt/src/wc_lms.c) + list(APPEND LIB_SOURCES wolfcrypt/src/wc_lms_impl.c) + endif() + + if(BUILD_WC_XMSS) + list(APPEND LIB_SOURCES wolfcrypt/src/wc_xmss.c) + list(APPEND LIB_SOURCES wolfcrypt/src/wc_xmss_impl.c) + endif() + if(BUILD_LIBZ) list(APPEND LIB_SOURCES wolfcrypt/src/compress.c) endif() diff --git a/cmake/options.h.in b/cmake/options.h.in index 3a389dfef1..13e56625cf 100644 --- a/cmake/options.h.in +++ b/cmake/options.h.in 
@@ -382,6 +382,14 @@ extern "C" { #cmakedefine HAVE_ECC_KOBLITZ #undef HAVE_ECC_CDH #cmakedefine HAVE_ECC_CDH +#undef WOLFSSL_HAVE_LMS +#cmakedefine WOLFSSL_HAVE_LMS +#undef WOLFSSL_WC_LMS +#cmakedefine WOLFSSL_WC_LMS +#undef WOLFSSL_HAVE_XMSS +#cmakedefine WOLFSSL_HAVE_XMSS +#undef WOLFSSL_WC_XMSS +#cmakedefine WOLFSSL_WC_XMSS #ifdef __cplusplus } diff --git a/wolfcrypt/src/wc_lms.c b/wolfcrypt/src/wc_lms.c index 0b50a1ce1a..faa69987d9 100644 --- a/wolfcrypt/src/wc_lms.c +++ b/wolfcrypt/src/wc_lms.c @@ -1162,7 +1162,8 @@ int wc_LmsKey_ImportPubRaw(LmsKey* key, const byte* in, word32 inLen) if (ret == 0) { XMEMCPY(key->pub, in, inLen); - key->state = WC_LMS_STATE_VERIFYONLY; + if (key->state != WC_LMS_STATE_OK) + key->state = WC_LMS_STATE_VERIFYONLY; } return ret; diff --git a/zephyr/CMakeLists.txt b/zephyr/CMakeLists.txt index b13d9941a1..7117beaebe 100644 --- a/zephyr/CMakeLists.txt +++ b/zephyr/CMakeLists.txt @@ -119,6 +119,8 @@ if(CONFIG_WOLFSSL) zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_encrypt.c) zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_kyber.c) zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_kyber_poly.c) + zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_lms.c) + zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_lms_impl.c) zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_pkcs11.c) zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_port.c) zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfevent.c) From 3d4ec1464bf2c47d0e723f2f7be7993d747ff22e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Frauenschl=C3=A4ger?= Date: Wed, 15 Jan 2025 08:34:54 +0100 Subject: [PATCH 4/6] Minor Dilithium fix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix compilation in case caching is enabled. 
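Review bot: The guard `if (key->state != WC_LMS_STATE_OK) key->state = WC_LMS_STATE_VERIFYONLY;` in wc_LmsKey_ImportPubRaw keeps a reloaded private key usable, but the preceding `XMEMCPY(key->pub, in, inLen)` has already replaced the public half with the imported bytes, so a public key that does not belong to the loaded private key leaves the key in the OK state with mismatched halves. If that combination is not meant to be accepted, compare the incoming bytes with `key->pub` before the copy when the state is OK and reject a mismatch, or record in the function's comment that the caller must guarantee consistency. The single-statement `if` should also be braced like the surrounding `if (ret == 0) {` blocks. wc_LmsKey_ImportPubRaw starts outside the hunk.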
Signed-off-by: Tobias Frauenschläger --- wolfcrypt/src/dilithium.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c index 6e5df59541..2d623645e1 100644 --- a/wolfcrypt/src/dilithium.c +++ b/wolfcrypt/src/dilithium.c @@ -9276,7 +9276,7 @@ int wc_dilithium_import_public(const byte* in, word32 inLen, dilithium_key* key) ret = MEMORY_E; } else { - XMEMSET(key->a, 0, params->aSz); + XMEMSET(key->a, 0, key->params->aSz); } } #endif From 491e70be7a2f30bc74084de9c7675ea58e8f92bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Frauenschl=C3=A4ger?= Date: Wed, 29 Jan 2025 16:42:15 +0100 Subject: [PATCH 5/6] PSK fix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix compilation in case PSK is enabled but session tickets are disabled. Signed-off-by: Tobias Frauenschläger --- src/tls13.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tls13.c b/src/tls13.c index b1490b80c7..61d97e1e8b 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -7181,7 +7181,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ERROR_OUT(MATCH_SUITE_ERROR, exit_dch); } - #ifdef HAVE_SESSION_TICKET + #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) if (ssl->options.resuming) { ssl->options.resuming = 0; ssl->arrays->psk_keySz = 0; From 75d63071df31143ccc25176535a67518cda214ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Frauenschl=C3=A4ger?= Date: Fri, 7 Feb 2025 16:11:19 +0100 Subject: [PATCH 6/6] Fix memory leak in handshake MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Make sure peer dilithium keys are properly freed. Signed-off-by: Tobias Frauenschläger --- src/internal.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/internal.c b/src/internal.c index c7f482337b..86ba579fd3 100644 --- a/src/internal.c +++ b/src/internal.c 
@@ -8906,6 +8906,10 @@ void FreeHandshakeResources(WOLFSSL* ssl)
 FreeKey(ssl, DYNAMIC_TYPE_FALCON, (void**)&ssl->peerFalconKey);
 ssl->peerFalconKeyPresent = 0;
 #endif /* HAVE_FALCON */
+#if defined(HAVE_DILITHIUM)
+ FreeKey(ssl, DYNAMIC_TYPE_DILITHIUM, (void**)&ssl->peerDilithiumKey);
+ ssl->peerDilithiumKeyPresent = 0;
+#endif /* HAVE_DILITHIUM */
 }
 
 #ifdef HAVE_ECC